Chapter Configure Windows Server 2012 R2 4 THE FOLLOWING 70-410 EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: ✓ Configure file and share access ■ Create and configure shares ■ Configure share permissions ■ Configure offline files ■ Configure NTFS permissions ■ Configure access-based enumeration (ABE) ■ Configure Volume Shadow Copy Service (VSS) ■ Configure NTFS quotas ■ Create and configure Work Folders ✓ Configure print and document services ■ Configure the Easy Print print driver ■ Configure Enterprise Print Management ■ Configure drivers ■ Configure printer pooling ■ Configure print priorities ■ Configure printer permissions ✓ Configure servers for remote management ■ Configure WinRM ■ Configure down-level server management ■ Configure servers for day-to-day management tasks ■ Configure multi-server management ■ Configure Server Core ■ Configure Windows Firewall ■ Manage non-domain joined servers c04.indd 205 1/16/2015 9:29:56 AM This chapter explains how to set up your servers so that your network users have something to access. Before you can set up a server, you have to determine the purpose of it. Is it going to be a print server, a fle storage server, a remote access server, or a domain controller? After you have decided how the machine is going to help your network, you must implement your decision. In this chapter, I’ll show you how to set up a print server and a fle server. In addition, I will discuss how to set up permissions and security for these servers and how you can limit the amount of space your users can have on a server. Microsoft Windows Server 2012 and Windows Server 2012 R2 are used for all of the server types in this chapter. Although other operating systems can be used, this chapter refers only to Windows Server 2012 and Windows Server 2012 R2. Understanding File Servers Before you confgure a fle server, you must understand what a fle server actually does. File servers are machines on your network that store data fles to share among network clients. The same machine can be a fle server and another type of server. For example, a machine can both host network fles and run Exchange Server 2013. Such a machine would have both fle server and application server functions. (Application servers are machines that host applications used by network clients.) Multiple Server Types on One Machine More than ever, in today’s world most IT departments have to worry about budgets. The problem is that the IT department often has the smallest budget in a company. You are typically stuck between a rock and a hard place because if your network is running well, people (including executives) forget about you. This makes it hard when you ask for anything that may impact the budget. Because of the lack of funds, often you will leverage one machine to perform many server tasks. I have seen several companies where the IT department had to have the same machine running both as an application server and as a fle server. c04.indd 206 1/16/2015 9:29:57 AM Configuring File Servers 207 You must consider various factors before allowing a machine to run multiple server types. How many processors do you have? What are the processor speeds? How much RAM does the machine have? What is the hard drive speed? What type of applications will be hosted on the machine? After you have gathered all of the information about the machine, then you can decide whether the machine can host multiple server types. Keep this one fact in mind, however—because of the requirements and demands on the computer system, it’s always a good idea to host SQL Server on a dedicated machine. When setting up a fle server, one of the most important things you will do is to set up work and personal folders for your users. I have been consulting for many years, and one thing I always stress to all of my clients is to perform regular backups. After all, most organizations would not be able to recover after losing all of their data. Usually, companies back up only their servers, and this is why home folders are so important. Home folders are one of the most common fle types on a fle server; they are folders set up on the server for users to store information. Users have a location on the server to store their important data, and therefore that data will be backed up when the company does its regular backups. Home folders are just one example of how to use work folders on a fle server. I will be discussing other examples throughout this chapter. Configuring File Servers Now that you have an understanding of what a fle server does, it’s time to discuss how to confgure these servers. Setting up a fle server properly encompasses many steps. As always, one major concern is security. In the following sections, I will frst describe how to share and publish online and offine fles and folders. Then I will discuss the two types of security—shared permissions and NTFS security—that an administrator can set when sharing fles or folders. Sharing Folders A fle server is for sharing and storing data. To use one, you need to know how to set up a share, or a shared folder, on your server. A shared folder is exactly what it says; it’s a folder that is shared on your network so that users can access the data within that folder. As an administrator, you have the ability to determine which users can access which fles within a shared folder. One of the main goals of Active Directory is to make resources easy to fnd. Active Directory also makes it easy to determine which fles are available to users. That being said, I will explain how Active Directory manages to publish shared folders. c04.indd 207 1/16/2015 9:29:57 AM 208 Chapter 4 ■ Configure Windows Server 2012 R2 Making Active Directory Objects Available to Users With Active Directory, a system administrator can control which objects users can see. The act of making an Active Directory object available is known as publishing. The two main publishable objects are Printer objects and Shared work folder objects. The reason I list Shared work folders here is because personal folders for users are not normally published in Active Directory. You publish an object in Active Directory because you want an easy way for everyone to fnd resources. Ordinarily, you don’t want everyone accessing someone’s home folder, and this is why you don’t normally publish home folders. The general process for creating server shares and shared printers has remained unchanged from previous versions of Windows. You create the various objects (printers or folders) and then enable them for sharing. To make these resources available via Active Directory, however, there’s an additional step: You must publish the resources. Once an object has been published in Active Directory, clients will be able to fnd it. When you publish objects in Active Directory, you should know the server name and share name of the resource. This information, however, doesn’t matter to your users. A system administrator can change the resource to which an object points without having to reconfgure or even notify clients. For example, if you move a share from one server to another, all you need to do is update the Shared Folder’s object’s properties to point to the new location. Active Directory clients still refer to the resource with the same path and name as they used before. Exercise 4.1 will walk you through the steps for sharing and publishing a folder for use on your network. E XERCI S E 4.1 Creating and Publishing a Shared Work Folder 1. Create a new folder in the root directory of your C: partition, and name it Test Share. 2. Right-click the Test Share folder, and choose Share With ➢ Specifc People. c04.indd 208 1/16/2015 9:29:58 AM Configuring File Servers 209 3. In the File Sharing dialog box, enter the names of users with whom you want to share this folder. In the upper box, enter Everyone and then click Add. Note that Everyone appears in the lower box. Click in the Permission Level column next to Everyone, and choose Read/Write from the drop-down menu. Then click Share. 4. You see a message that your folder has been shared. Click Done. 5. Open the Active Directory Users and Computers tool. Expand the current domain. Select New ➢ Shared Folder. 6. In the New Object – Shared Folder dialog box, type Shared Folder Test for the name of the folder. Then type the UNC path to the share (for example, \\serverA\Test Share). Click OK to create the share. c04.indd 209 1/16/2015 9:29:58 AM 210 Chapter 4 ■ Configure Windows Server 2012 R2 One of the main benefits of having all of your resource information in Active Directory is that you can easily find the information that you’re seeking using the Find dialog box. When setting up objects in Active Directory, I recommend you always enter as much information as possible for the objects you’re creating. The extra effort will pay off when your users start doing searches for these objects. The more information you enter, the more users can search to find the appropriate resource they need. Access-Based Enumeration Access-Based Enumeration (ABE) is a feature included with Windows Server 2012/2012 R2. ABE allows your domain users to list only the fles and folders to which they have access when browsing content on the fle server.